Category Archives: Workplace Privacy

On August 1, Illinois became the second state to amend its workplace privacy law to prohibit employers from asking employees and job applicants for their social media passwords. The change to the state’s Right to Privacy in the Workplace Act goes into effect on January 1, 2013. Maryland was the first to pass a similar law in April. Other states like California, Minnesota, Michigan, Massachusetts, New Jersey and New York have similar laws pending. The laws are designed to curb employers’ use of social media accounts to assess the online behavior of a potential new hire or existing employee.

Online data broker Spokeo agreed to pay $800,000 to settle Federal Trade Commission (FTC) charges that it marketed information profiles on millions of consumers to companies that used them for employment screening, without taking necessary steps to protect consumers. This misuse of data violated federal law, specifically the Fair Credit Reporting Act (FCRA), because Spokeo operated as a consumer reporting agency but it failed to disclose the source of its data or give consumers the chance to correct inaccurate information, among other things. The conduct occurred between 2008 and 2010 when the company marketed the data on a subscription basis. The settlement was announced by the FTC on June 12, 2012.

Spokeo is a data aggregator, merging personal information it collects about consumers from online and offline data sources to create detailed individual profiles of consumers. A profile might include name, address, age range, email address, ethnicity, religion, photos, hobbies, and participation on social networking sites. Spokeo describes itself as a “people search engine.”

This case is important because it’s the first FTC case to address the sale of Internet and social media data for employment screening. The FTC also accused Spokeo of posting deceptive endorsements of their services on news and technology websites and blogs “portraying the endorsements as independent when in reality they were created by Spokeo’s own employees.” These misleading endorsements violated the Federal Trade Commission Act.

Welcome to Privacy Matters, a Nolo blog devoted to information privacy and data security issues as they relate to small businesses and consumers. Information privacy covers the rules that apply to the gathering and handling of “personal information” — in other words, information that can be traced to a particular individual, like geolocation information, credit information, or health records.

Privacy law is complicated and varies by industry, state, country, transaction and customer. Through blog posts and an ongoing series of Nolo primer articles, I hope to provide general, useful information about fundamental privacy principles and best practices that Internet, technology and brick-and-mortar businesses need to be aware of, as this area of law can be a field of landmines for the unknowing.

Class action lawsuits and Federal Trade Commission enforcement actions against tech titans like Facebook and Google, and high-profile data breaches jeopardizing the private data of millions of individuals and tarnishing the reputations of scores of companies like Sony, Heartland Payment Systems and RSA Security, have thrust privacy onto the front pages. It’s important for small business owners to recognize that the same rules that have gotten large companies into trouble apply to small businesses as well. When it comes to privacy, an ounce of prevention is, in fact, worth a pound of cure.